1. Help Desk: Questions and Answers
  2. How do I define system-access-group-based data security policies?

How do I define system-access-group-based data security policies?

Let's say you're an HR Help Desk Administrator, Internal Help Desk Administrator or IT Security Manager. Then you can use system access groups and predefined rules to support help desk request data security for your users.

Every standard job role provided by Oracle has a corresponding system access group. The predefined object-sharing rules assigned to each system access group provide the same access to help desk request data as provided by the standard job roles.

Note: System access groups provide you an alternative way to manage a user's access to help desk request data. You can also create access extension rules to extend the access provided by the predefined rules to related objects.

System access groups are active by default. But the predefined object-sharing rules associated with each system access group are inactive by default. So you must activate these rules before you can use them. The association between system groups and predefined rules is also disabled by default. So for each system group, you must also enable the predefined rules you want to apply to the group.

The following table lists the predefined object-sharing rules for system access groups along with their descriptions.

S. no.

Predefined rule name

This rule provides access to:

1

All Service Requests

All service requests.

2

All CRM Service Requests

Access to all CRM service requests.

3

CRM Business Unit Service Requests

All CRM service requests associated with the user's business units.

4

CRM Partner Service Requests

All CRM partner service requests.

5

CRM Business Unit Partner Service Requests

CRM partner service requests associated with the user's business units.

6

CRM Service Request Queue Member

All CRM service requests assigned to queues that the user is a member.

7

CRM Service Request Queue Member Hierarchy

All CRM service requests assigned to queues that the user's subordinates are a member.

8

CRM Service Request Team

All CRM service requests where the user is on the SR team.

9

CRM Service Request Team Hierarchy

All CRM service requests where the user's subordinates are on the SR team.

10

CRM Service Request Assignee

All CRM service requests where the user is the assignee.

11

CRM Service Request Assignee Hierarchy

All CRM service requests where the user's subordinates are the assignee.

12

CRM Service Request Creator

All CRM service requests where the user created the SRs.

13

CRM Service Request Creator Hierarchy

All CRM service requests where the user's subordinates created the SRs.

14

CRM Service Request Partner Account

All service requests where the SR is associated with the user's partner account.

15

CRM Service Request Contact

All CRM service requests where the user is an SR contact.

16

All HR Service Requests

All HR service requests.

17

HR Business Unit Service Requests

All HR service requests associated with the user's business units.

18

HR Service Request Queue Member

All HR service requests assigned to queues that the user is a member of.

19

HR Service Request Queue Member Hierarchy

All HR service requests assigned to queues that the user's subordinates are a member of.

20

HR Service Request Team

All HR service requests where the user is on the SR team.

21

HR Service Request Team Hierarchy

All HR service requests where the user's subordinates are on the SR team.

22

HR Service Request Creator

All HR service requests where the user created the SRs.

23

HR Service Request Primary Contact

All HR service requests where the user is the SR primary contact.

24

HR Service Request Assignee

All HR service requests where the user is the assignee.

25

HR Service Request Assignee Hierarchy

All HR service requests where the user's subordinates are the assignee.